scdaemon lockup with Yubikey NEO

the2nd at the2nd at
Wed Dec 2 12:36:02 CET 2015


here is the output for a failed session and a working one (with openssh 
Both times i started two ssh sessions, keeping the first one open.

gpg-agent.log -
scd.log -

gpg-agent.log -
scd.log -

I am unsure if it is yubikey specific but as it is working with older 
openssh versions i guess its some bug thats related to any openssh 
The log always shows "error getting default authentication keyID of 
card: Conflicting use" when the problem occurs.
If you say that this is not a gnupg issue i'll ask the yubico folks.
But it would be really great to get any hint what could be the problem 
from someone who is familiar with the technical details. :)


On 2015-12-02 08:16, NIIBE Yutaka wrote:
> On 2015-12-01 at 11:55 +0100, the2nd at wrote:
>> There is just one gpg-agent + scdaemon.
> OK.
>> Do you keep the first SSH session open when re-plugging the yubikey?
> I don't use Yubikey.  I use OpenPGPcard with card reader and Gnuk
> Token.  If you think your problem is Yubikey specific, it would be
> good to ask Yubikey community.
> I keep the SSH session when I remove my token, re-insert it and.  I
> also tried with the setting of 'ForwardAgent yes' in .ssh/config and
> used SSH to another remote host.  But I can't reproduce.
> To debug your situation, please add 'verbose' in your
> .gnupg/gpg-agent.conf and create a file .gnupg/scdaemon.conf with:
> =====================
> debug-level	guru
> debug-all
> log-file	/tmp/scd.log
> =====================
> Before your experiment, please set your PIN by default one, because
> the scd.log file will include your PIN information.

More information about the Gnupg-users mailing list